March 8, 2012

Status update overload?

According to a 2012 survey by the National Cyber Security Alliance (NCSA) and McAfee, “one in five Americans have come in contact with someone online who made them feel uncomfortable through stalking, persistent emails, and other aggressive outreach attempts… [Additionally,] one in five Americans have been victimized through experiences like identity theft, data theft, stalking, bullying or auction fraud…” Is this really any surprise when we look at the information we so readily provide online?

Keep in mind, social network sites were originally designed to share information to the maximum extent in order to provide an enhanced and personalized social experience online. They were not designed with security in mind. The site will default to settings that give you more connections, all in the name of giving you a “social” experience. Those connections are not necessarily the ones you want.

Act now! Use these tips suggested by NCSA and McAfee:

1)   Check your privacy settings. The World Wide Web does not need to read everything you post. By configuring your privacy settings, you limit who can view your information.

2)   "Spring Clean" your online profile. You don’t need to include your phone number, home address, or other contact information. Your real friends already know this information, so why place it out there for it to potentially fall into the wrong hands? When Facebook implements updates, they temporarily set all profiles to the default settings.

3)   Don’t accept “friend” requests from strangers. It's mother’s old advice, don’t talk to strangers, brought into the cyber realm. The Robin Sage experiment, which was a fake profile, “accumulated hundreds of connections… includ[ing] executives at government agencies…[and] much of the information revealed to Robin Sage violated OPSEC procedures.”

4)   Be careful about posting photos. What information are you unintentionally providing in your photos, whether it is in the background or in the metadata? Many uploaded photos include geotags, which are location information stored in the metadata. In 2010, MythBusters host Adam Savage posted a photo of his car on his Twitter account with the update “off to work.” The photo had geotags, so with this one status update he revealed the exact location of his home, what vehicle he drives and the time he leaves his house.

5)  Create a STRONG password. According to CNN, “exploiting weak or guessable passwords was the top method attackers used to gain access…” The more complex, the better. The whole point of passwords is not to inconvenience you, but to help ensure it is YOU accessing the account. (See our "Commonly Common Password" post)

6)   Don't use location-based services. If used too often or publicly, these services can help somebody map out your patterns of behavior. All it takes is looking at where and when you typically check in, plus an online photo of you, to easily track you down or worse.

Follow these tips, and hopefully they will keep you from being the subject of this song.

The Facebook Stalking Song

US Army Public Affairs Social Media Division Social Media Roundup, “Dangers of location-based social networking and geotagging” Link:
Please Rob Me, Raising awareness about over-sharing. Link:

Facebook Security Handbook. Link:

March 6, 2012

The commonly common password

According to a 2012 article on, the most commonly used password is "Password1."

Is it just me, or does it appear that people are not even trying? How else would this most basic password become the most common?

"Around 5% of passwords involve a variation of the word 'password,'... The runner-up, 'welcome,' turns up in more than 1%," as in welcome to my easily hackable account.

Granted, this commonly used password meets the default complexity rules on most business networks, but is it fulfilling its purpose, its higher calling? Hmmm... I wonder.

The purpose of a password is to authenticate a person as an authorized user who is allowed access to the system. Passwords are the simplest computer security procedure, the basic building block of any network security. If you make the password so easy to figure out (even by people you don't want to grant access to), why should you even bother with any type of computer security?

For those computer users who insist on using a word from the dictionary as their password, here are some tips to make your password a bit more complex (otherwise known as harder to guess).

- instead of using the letter "s," use the $ sign.
- instead of using the letter "a," use the @ sign.
- instead of using the letter "l" or "I," use the number 1 or the ! sign.
- instead of using the letter "o," use the number 0
- for my dyslexic users, instead of using the letter "E," use the number 3

For example, we take the common "Password1," and change it by using our above tips to "P@s$w0rd1." Our new password provides more complexity while still giving you a memory trick.

Other password security tips you may want to incorporate:
- use combinations of uppercase, lowercase, numbers and special characters.
- the longer the better. It adds to the complexity.
- change your password frequently.
- don't use the same password on multiple sensitive accounts.
- as we mentioned in our "Identity Theft, Part III" post covering computer security, using "common security passwords like 'password,' 'passw0rd,' '123456,' 'monkey,' 'football,' or any other password listed on the 25 Worst Passwords for 2011 is not going to cut the proverbial mustard." Be creative in your passwords!
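A check a site can run when a password is set, using the substitution tips and the common passwords named in this post: undo the substitutions, drop a trailing run of digits or "!", and compare the result with the list. This is an added example, not part of the original post; `blocklist_hit` and the short `COMMON` set are assumptions for illustration, and a real deployment would load a much larger list.

```python
import re

# The post's substitutions, reversed (symbol -> letter).
# "1" and "!" are mapped back to "l" only; the post also uses them for "I".
UNLEET = str.maketrans({"$": "s", "@": "a", "1": "l", "!": "l", "0": "o", "3": "e"})

# Common passwords named in the post. "passw0rd" is left out on purpose:
# it normalizes to "password" and is caught that way.
COMMON = {"password", "welcome", "123456", "monkey", "football"}


def blocklist_hit(pw: str):
    """Return the common password that pw is a variant of, or None."""
    lower = pw.lower()
    # "Password1" and "welcome!" are a listed word plus a short suffix.
    stripped = re.sub(r"[0-9!]+$", "", lower)
    forms = {lower, stripped}
    # Undo the character substitutions on both forms.
    forms |= {f.translate(UNLEET) for f in forms}
    hits = sorted(forms & COMMON)
    return hits[0] if hits else None


if __name__ == "__main__":
    # Constructed inputs, including the post's own before/after example.
    for pw in ["Password1", "P@s$w0rd1", "W3lc0me!", "footba11",
               "123456", "violet-tractor-orbit-42"]:
        hit = blocklist_hit(pw)
        print(f"{pw!r:28} ->", f"variant of {hit!r}" if hit else "not on the list")
```

Both "Password1" and "P@s$w0rd1" come back as variants of "password", so a filter like this treats them the same.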